CVE-2016-1576
Summary
| CVE | CVE-2016-1576 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-05-02 10:59:00 UTC |
| Updated | 2022-04-18 17:59:00 UTC |
| Description | The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Core | 15.04 | All | All | All |
| Operating System | Canonical | Ubuntu Core | 15.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 15.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 15.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.10 | All | All | All |
| Operating System | Canonical | Ubuntu Touch | 15.04 | All | All | All |
| Operating System | Canonical | Ubuntu Touch | 15.04 | All | All | All |
| Operating System | Linux | Linux Kernel | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| launchpadlibrarian.net/235300225/0006-overlayfs-Propogate-nosuid-from-lower-and-uppe... | MISC | launchpadlibrarian.net | |
| Overlayfs Over Fuse Local Root Privilege Escalation | MISC | www.halfdog.net | Exploit |
| oss-security - Overlayfs over Fuse Privilege Escalation in USERNS | MLIST | www.openwall.com | |
| Bug #1535150 “CVE-2016-1576” : Bugs : linux package : Ubuntu | CONFIRM | bugs.launchpad.net | |
| kernel/git/torvalds/linux.git - Linux kernel source tree | MISC | git.kernel.org | |
| oss-security - Re: CVE-2021-3847: OverlayFS - Potential Privilege Escalation using overlays copy_up | MLIST | www.openwall.com | |
| CVE-2016-1576 in Ubuntu | CONFIRM | people.canonical.com | |
| launchpadlibrarian.net/235300093/0005-overlayfs-Be-more-careful-about-copying-up-sxi... | MISC | launchpadlibrarian.net | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.